FCC Certification and CE Marking for Connected Devices: The Hardware Startup Compliance Roadmap
Most hardware founders don't discover FCC and CE certification requirements until a purchase order is blocked at customs or a retailer won't stock the product. Here's what connected device makers need to know about the certification process, timeline, cost, and how to plan it from day one.
The Stakes: What Happens If You Ship Without Authorization
Shipping a Wi-Fi module, BLE sensor, or LTE gateway into the US market without FCC equipment authorization is not a regulatory gray area — it is a federal violation with specific dollar amounts attached. The FCC's base forfeiture for marketing unauthorized radio frequency equipment is $7,000 per model, with a statutory per-violation ceiling of $19,246 per day and up to $144,344 for a single continuing violation (figures are inflation-adjusted and updated periodically; verify current amounts at FCC.gov). If you are selling two or three SKUs — a standard sensor, a Pro version, and a gateway — the FCC treats each unauthorized model as a separate violation, multiplying your exposure accordingly.
Recent enforcement makes clear that this is not theoretical. In November 2024, the FCC proposed a $734,872 fine against Eken, a Hong Kong-based IoT video doorbell manufacturer, for providing false designated agent information in its equipment authorization filings — and audited hundreds of certifications tied to the same agent. The scale of the fine reflects how seriously the agency treats certification fraud, but the underlying trigger was a connected consumer device that should have been familiar territory for any hardware compliance team.
Company size provides no buffer. T-Mobile settled an FCC investigation in 2024 after marketing a 5G smartphone for six days before its equipment authorization was in hand. Even that brief window — with thousands of units already sold — was enough to trigger formal proceedings and a mandated compliance plan. If the carrier operating the network can be held liable for a six-day window, a seed-stage startup selling direct-to-consumer faces the same statutory framework with far fewer resources to absorb it.
The exposure does not stop at fines. Under 47 CFR Part 2 Subpart K, radio frequency devices may only be imported into the United States under specific conditions — a valid FCC equipment authorization is the primary qualifying condition. Non-compliant shipments can be detained and returned at the port of entry under customs enforcement authority, and 47 U.S.C. § 510 separately authorizes federal seizure of apparatus used or intended for use in violation of FCC regulations. And if you route around retail to sell on Amazon: since 2022, Amazon has required sellers of radio-enabled devices to complete the FCC Radio Frequency Emission Compliance attribute and removes listings that do not comply — eliminating your primary sales channel without a court order.
FCC Authorization: The Three Paths and Which Applies to Your Device
The starting question for every hardware founder is not "how do I get FCC certified" — it is "which authorization path applies to my device." The answer depends entirely on one threshold distinction: does your device deliberately emit RF energy for communication, or does it emit RF only as a byproduct of normal operation? Under 47 CFR § 15.201, any intentional radiator — a device designed to transmit RF for communication purposes, including Wi-Fi, Bluetooth, LTE, Zigbee, and similar protocols — must obtain FCC Certification through an accredited Telecommunications Certification Body (TCB) before it can be marketed in the US. That is the highest bar, and it is non-negotiable for anything with a wireless stack.
Devices that generate RF energy only as an incidental byproduct — a coffee maker, a motor controller, a microcontroller board without wireless — fall into the unintentional radiator category. These can use the Supplier's Declaration of Conformity (SDoC), a self-certification path under which the manufacturer tests to FCC limits internally and publishes a declaration. No FCC ID number is issued, and no TCB review is required. For IoT hardware, the SDoC path is rarely the primary authorization — most connected devices are intentional radiators by definition — but it governs the host device's conducted and radiated emissions independent of any radio it carries.
The Modular Path: Highest ROI for Early-Stage Founders
For most hardware startups, the most operationally important route is the pre-certified module path authorized by 47 CFR § 15.212. When you integrate a module — an ESP32, a Nordic nRF series chip, a Sierra Wireless modem — that already holds its own FCC Certification, that certification transfers to your host product for the radio function, provided you preserve the module's tested conditions. The cost difference is material: a custom radio design certification typically runs $18,000–$58,000 and takes 8–16 weeks. The pre-certified module path narrows your testing obligation to unintentional radiator compliance under Part 15 Subpart B, which costs $3,000–$8,000 and takes 2–6 weeks.
The critical word is "preserves." The module's FCC authorization evaporates the moment you modify any of the conditions under which it was tested. Replacing the certified antenna, adding RF amplifiers or filters between the module and the antenna port, violating the manufacturer's ground plane or keep-out zone specifications, operating outside the tested voltage or temperature ranges, or modifying firmware to exceed the tested transmit power level — any of these actions voids the module certification and converts your product into an uncertified intentional radiator. The module path reduces compliance burden; it does not eliminate it, and the boundary conditions matter as much as the certification itself.
How TCBs Actually Issue Your Authorization
Whether you are pursuing full FCC Certification for a custom radio or relying on a pre-certified module for the radio function, the intentional radiator path runs through a TCB. These are private entities — not government offices — accredited to ISO/IEC 17065 and formally designated by the FCC. Since 2015, TCBs have handled the overwhelming majority of equipment authorization grants, and a complete submission typically yields a grant within 2–3 business days. The practical implication: lab testing and documentation preparation are the long poles in the schedule, not the TCB review itself. Filing a clean, complete package is the variable you can control.
CE Marking for the EU: The Radio Equipment Directive and What It Requires
CE marking trips up more hardware founders than it should, largely because of a misconception: unlike FCC Certification, CE marking is not a third-party approval. It is a manufacturer's self-declaration of conformity with applicable EU law. For most IoT devices tested against harmonized European standards, no notified body reviews your product before you affix the mark. You test, you document, you declare.
The governing framework is Directive 2014/53/EU — the Radio Equipment Directive (RED) — which has applied since June 13, 2017. It imposes three essential requirements on any radio-transmitting device placed on the EU market: Article 3.1(a) covers health and safety; Article 3.1(b) covers electromagnetic compatibility (EMC); and Article 3.2 requires that devices use radio spectrum efficiently and do not cause harmful interference.
Each essential requirement maps to a family of harmonized ETSI standards, and testing against those standards creates a presumption of conformity that removes the need for notified body review. For a typical BLE or Wi-Fi device operating in the 2.4 GHz band, the standard testing stack looks like this:
- EN 300 328 — the primary standard for Article 3.2 radio spectrum compliance for 2.4 GHz Wi-Fi and Bluetooth devices
- EN 301 489 series — covers Article 3.1(b) EMC requirements
- EN 62368-1 (replacing the older EN 60950-1) — covers Article 3.1(a) audio/video and IT equipment safety
- EN 301 908 — additionally required for LTE devices
If your device is mains-powered above 50V AC or 75V DC, the Low Voltage Directive (2014/35/EU) also applies. Wired-only industrial sensors with no radio transmitter fall under the EMC Directive (2014/30/EU) instead of RED.
Once testing is complete, you produce an EU Declaration of Conformity (DoC). The DoC must include the product name and model, your name and address as manufacturer, a conformity statement referencing the applicable directives, the list of harmonized standards relied upon, notified body details if one was involved, and a dated signature. The document must be kept on file for 10 years after the product is first placed on the market. There is no filing with a regulatory authority — but market surveillance authorities can request the DoC at any time, and the burden of proof rests entirely on you.
Timelines, Costs, and How to Choose a Test Lab
The two variables that determine your certification budget are radio design choice (custom vs. pre-certified module) and whether you invest in pre-compliance testing upfront. Here is what each path looks like in dollars and weeks.
FCC
A product built on a pre-certified wireless module needs only unintentional radiator testing for FCC. Total cost runs $3,000–$8,000 and the process compresses to 2–6 weeks. A product with a custom radio design is a different undertaking: lab testing alone takes 8–16 weeks and costs $18,000–$58,000 or more, with the full end-to-end timeline — pre-compliance testing, formal lab submission, and TCB grant — running 9–20 weeks. The TCB grant itself issues in 2–3 business days once the documentation package is clean; the time is in the testing and documentation, not the approval.
CE Marking
For a wireless IoT product regulated under the Radio Equipment Directive, third-party lab testing costs $1,500–$3,000 or more for consumer radio equipment — and that figure covers only the testing, not internal engineering hours or the EU Declaration of Conformity documentation. Simple products can achieve CE marking in 4–6 weeks. Products that require notified body involvement, or that are complex enough to trigger multi-standard test programs, routinely take 3–6 months.
The Pre-Compliance Testing ROI
How to Choose a Test Lab
Any lab conducting FCC testing must be ISO 17025-accredited — the international standard for testing and calibration laboratory competence. Accreditation is a floor, not a differentiator. The practical differentiator is whether the lab is itself a recognized Telecommunications Certification Body (TCB). When you test at a lab that holds TCB recognition, the grant is issued internally rather than handed off to a separate TCB, eliminating a 3–7 business day delay in the final step. For CE work, verify that the lab can test against the specific harmonized standards applicable to your radio technology — not all ISO 17025 labs are scoped for RED or the updated Article 3.3 cybersecurity requirements effective August 2025.
- Confirm ISO 17025 accreditation and verify the lab's scope covers your radio frequency bands and emissions standards
- Ask whether the lab is also a TCB to consolidate testing and grant issuance under one roof
- Require a pre-compliance test report before scheduling formal submission — labs that discourage this are not optimizing for your outcomes
Building Certification into Your Hardware Development Schedule
The founders who run into expensive problems with FCC and CE certification almost always share one trait: they treated compliance as a post-development step. The wiring diagram, PCB stackup, and antenna placement were already locked before anyone asked the question. Fixing those decisions after boards are manufactured means a respin — and a respin means another 6–10 weeks and another $15,000–$40,000 in NRE costs before you can even schedule a test slot.
Phase 1 — Design (Before Your First PCB Spin)
Engage a compliance engineer or certification consultant at schematic review, not at tape-out. The decisions that determine whether your device passes or fails are made at this stage. A 4-layer PCB stackup is required for most radio designs to achieve acceptable emissions control — 2-layer boards rarely meet FCC Part 15 unintentional radiator limits for anything above a few hundred MHz. Equally critical: maintain the antenna keep-out zone specified in your module's integration manual, and keep traces and components out of the antenna's near field. These are not software-patchable problems. If you miss them, you respin.
Before committing to any radio module, look up its FCC ID in the FCC Equipment Authorization System. Confirm the authorization is current (not lapsed), covers the exact frequency bands and power levels your design requires, and has not been modified from the tested configuration. A module that passed certification in a reference design does not automatically extend that coverage to your integration.
Phase 2 — Pre-Compliance Testing
Once your first boards are back, run pre-compliance testing on your own bench or at a lab offering informal scans before booking a formal test slot. As covered earlier in this guide, pre-compliance testing typically costs $500–$2,000 and identifies the majority of failures at a point when PCB modifications are still relatively inexpensive. The goal is to arrive at formal testing with no surprises — test labs bill by the hour, and failure-and-retest cycles are where certification budgets blow up.
Phase 3 — Formal Submission and Labeling
When you submit for formal certification, labeling compliance is a documentation requirement that catches founders off guard. Under 47 CFR § 15.19, the FCC ID must appear on the device in a visible, legible location. For small devices where a physical label is impractical, the FCC's e-labeling rule (FCC KDB 784748) permits displaying the FCC ID in a software settings menu — but only if a physical label on the device directs users to look for it there. Both the physical reference and the software display must be in place before your product ships.
Get Compliance Right Before the Purchase Order Arrives
FCC and CE certification delays don't announce themselves at the start of a product cycle. They surface when a retailer asks for your FCC ID before placing an order, when a customs broker flags your import shipment, or when Amazon removes your listing. By that point, the fix is months away and the consequences are immediate. The founders who avoid that scenario build compliance into the design phase — not as a regulatory afterthought, but as a product requirement with its own timeline and budget.
Promise Legal works with hardware founders on the legal side of the product launch process: entity structure, regulatory strategy, contract terms with manufacturers and distributors, and the cross-border compliance questions that arise when a device ships to multiple markets. If you are building a connected device and want to understand where your legal exposure sits before the product is otherwise finished, get in touch.
Promise Legal works with hardware founders on regulatory strategy, product launch compliance, and cross-border legal risk. Get in touch before your first production run.